* Jan Kiszka <[email protected]> [2017-08-23 23:40:09 +0000]:
> From: Jan Kiszka <[email protected]>
>
> Specify in the docs and implement in the configuration files that cells
> with passive comm regions have only read access to it. This avoids that
> a passive cell, i.e. one that should also not be able to prevent
> configuration changes, can block them by declaring itself "running/
> locked".
>
> Instead of checking in the hypervisor that a cell config does not permit
> writes to passive comm regions, we should eventually validate this
> offline via a config checker.
When bringing an inmate "online", does the hypervisor read the cell's general flags before jumping into each memory region? It would be even safer, if so, to AND the memory regions' flags with ~JAILHOUSE_MEM_WRITE forcibly when evaluating them, no?

> > Signed-off-by: Jan Kiszka <[email protected]> > --- > Documentation/hypervisor-interfaces.txt | 8 +++++--- > configs/e1000-demo.c | 3 +-- > configs/ioapic-demo.c | 3 +-- > configs/ivshmem-demo.c | 3 +-- > configs/linux-x86-demo.c | 3 +-- > configs/pci-demo.c | 3 +-- > configs/smp-demo.c | 3 +-- > configs/tiny-demo.c | 3 +-- > 8 files changed, 12 insertions(+), 17 deletions(-) > > diff --git a/Documentation/hypervisor-interfaces.txt > b/Documentation/hypervisor-interfaces.txt > index ac10c9af..0e529db0 100644 > --- a/Documentation/hypervisor-interfaces.txt > +++ b/Documentation/hypervisor-interfaces.txt > @@ -273,10 +273,12 @@ Communication Region > -------------------- > > The communication region is a per-cell shared memory area that both the > -hypervisor and the particular cell can read from and write to. It is an > -optional communication mechanism. If the region shall be used by a cell, it > +hypervisor and the particular cell can read from and write to by default. It > is > +an optional communication mechanism. If the region shall be used by a cell, > it > has to be mapped into the cell's address space via its configuration (see [2] > -for details). > +for details). If the cell is configured to be passive with respect to the > +communication region (cell flag JAILHOUSE_CELL_PASSIVE_COMMREG) and the > region > +is mapped, it has to be declared read-only in the cell configuration. > > > Communication region layout > diff --git a/configs/e1000-demo.c b/configs/e1000-demo.c > index ef9314cf..59a350ff 100644 > --- a/configs/e1000-demo.c > +++ b/configs/e1000-demo.c 
> @@ -56,8 +56,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > /* e1000 BAR0 */ { > .phys_start = 0xfebc0000, > diff --git a/configs/ioapic-demo.c b/configs/ioapic-demo.c > index 042d3a70..4f12d12a 100644 > --- a/configs/ioapic-demo.c > +++ b/configs/ioapic-demo.c > @@ -53,8 +53,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > }, > > diff --git a/configs/ivshmem-demo.c b/configs/ivshmem-demo.c > index 230b9ccc..8fa991fe 100644 > --- a/configs/ivshmem-demo.c > +++ b/configs/ivshmem-demo.c > @@ -52,8 +52,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > /* IVSHMEM shared memory region */ > { > diff --git a/configs/linux-x86-demo.c b/configs/linux-x86-demo.c > index c4721247..27c972df 100644 > --- a/configs/linux-x86-demo.c > +++ b/configs/linux-x86-demo.c > @@ -65,8 +65,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > /* high RAM */ { > .phys_start = 0x3b700000, > diff --git a/configs/pci-demo.c b/configs/pci-demo.c > index 087f388f..b15d4e0a 100644 > --- a/configs/pci-demo.c > +++ b/configs/pci-demo.c 
> @@ -55,8 +55,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > /* HDA BAR0 */ { > .phys_start = 0xfebd4000, > diff --git a/configs/smp-demo.c b/configs/smp-demo.c > index 9a157edc..f05f029f 100644 > --- a/configs/smp-demo.c > +++ b/configs/smp-demo.c > @@ -51,8 +51,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > }, > > diff --git a/configs/tiny-demo.c b/configs/tiny-demo.c > index f567cbef..f31ac96b 100644 > --- a/configs/tiny-demo.c > +++ b/configs/tiny-demo.c > @@ -53,8 +53,7 @@ struct { > /* communication region */ { > .virt_start = 0x00100000, > .size = 0x00001000, > - .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE | > - JAILHOUSE_MEM_COMM_REGION, > + .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION, > }, > }, > > -- > 2.12.3 -- Gustavo Lima Chaves Intel - Open Source Technology Center
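Review bot: the Documentation/hypervisor-interfaces.txt hunk adds "it has to be declared read-only in the cell configuration" without saying who enforces that, and the commit message states the hypervisor deliberately does not check it, so a config that violates the rule silently keeps write access to the comm region. Suggest adding one sentence after the new line, e.g. "The hypervisor does not verify this; until a config checker exists the configuration author is responsible for it.", so readers do not assume the flag alone makes the region read-only.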
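Review bot: the seven configs/*-demo.c hunks (e1000, ioapic, ivshmem, linux-x86, pci, smp, tiny) all drop JAILHOUSE_MEM_WRITE from the comm region, but none of them shows the cell's own .flags line as context, so it is not visible whether each of these cells sets JAILHOUSE_CELL_PASSIVE_COMMREG. The doc hunk makes read-only mandatory only for passive cells; for a cell that is not passive the region has to stay writable, so please confirm every one of these seven configs declares the passive flag, or extend the hunk context to include the .flags line so the reviewer can see it.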
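As an added illustration, not Jailhouse code and not part of this patch or thread: the offline check the commit message proposes (reject a config whose passive cell maps its comm region writable) next to the hypervisor-side masking the reply asks about (force WRITE off such a region when it is evaluated). The struct layout, the numeric values of the flag macros and the sample configs are simplified stand-ins assumed for this example, modelled on the demo configs above rather than taken from cell-config.h.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this example; names mirror those used in the patch. */
#define JAILHOUSE_MEM_READ             0x0001
#define JAILHOUSE_MEM_WRITE            0x0002
#define JAILHOUSE_MEM_COMM_REGION      0x0020
#define JAILHOUSE_CELL_PASSIVE_COMMREG 0x00000001

/* Simplified stand-in for a memory region descriptor. */
struct mem_region {
	uint64_t virt_start;
	uint64_t size;
	uint64_t flags;
};

/* Simplified stand-in for a cell descriptor plus its region array. */
struct cell_config {
	const char *name;
	uint32_t cell_flags;
	const struct mem_region *mem_regions;
	size_t num_mem_regions;
};

/* Offline config check: a passive cell must not map its comm region
 * writable. Returns the number of violations found and reports each one. */
int check_passive_commreg(const struct cell_config *cfg)
{
	int violations = 0;
	size_t i;

	if (!(cfg->cell_flags & JAILHOUSE_CELL_PASSIVE_COMMREG))
		return 0;	/* rule only applies to passive cells */

	for (i = 0; i < cfg->num_mem_regions; i++) {
		const struct mem_region *r = &cfg->mem_regions[i];

		if ((r->flags & JAILHOUSE_MEM_COMM_REGION) &&
		    (r->flags & JAILHOUSE_MEM_WRITE)) {
			printf("%s: comm region at 0x%" PRIx64
			       " is writable but the cell is passive\n",
			       cfg->name, r->virt_start);
			violations++;
		}
	}
	return violations;
}

/* Defense in depth of the kind the reply suggests: when a passive cell's
 * comm region is evaluated, mask WRITE off whatever the config says. */
uint64_t sanitize_region_flags(uint32_t cell_flags, uint64_t region_flags)
{
	if ((cell_flags & JAILHOUSE_CELL_PASSIVE_COMMREG) &&
	    (region_flags & JAILHOUSE_MEM_COMM_REGION))
		region_flags &= ~(uint64_t)JAILHOUSE_MEM_WRITE;
	return region_flags;
}

/* Constructed sample regions: the "before" and "after" of the patch. */
static const struct mem_region before_regions[] = {
	{ .virt_start = 0x00100000, .size = 0x00001000,
	  .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_WRITE |
		   JAILHOUSE_MEM_COMM_REGION },
};
static const struct mem_region after_regions[] = {
	{ .virt_start = 0x00100000, .size = 0x00001000,
	  .flags = JAILHOUSE_MEM_READ | JAILHOUSE_MEM_COMM_REGION },
};

const struct cell_config demo_before = {
	"demo-before", JAILHOUSE_CELL_PASSIVE_COMMREG,
	before_regions, sizeof(before_regions) / sizeof(before_regions[0])
};
const struct cell_config demo_after = {
	"demo-after", JAILHOUSE_CELL_PASSIVE_COMMREG,
	after_regions, sizeof(after_regions) / sizeof(after_regions[0])
};
/* A non-passive cell legitimately keeps write access to its comm region. */
const struct cell_config demo_active = {
	"demo-active", 0,
	before_regions, sizeof(before_regions) / sizeof(before_regions[0])
};

int main(void)
{
	int bad = check_passive_commreg(&demo_before) +
		  check_passive_commreg(&demo_after) +
		  check_passive_commreg(&demo_active);

	printf("%d violation(s)\n", bad);
	return bad ? 1 : 0;
}
```

Run stand-alone it reports the one violation in demo_before and exits non-zero, which is the behaviour a checker wired into a config build would want; sanitize_region_flags leaves a non-passive cell's flags untouched, so the mask cannot break cells that need to write their state into the region.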
